Clearpass: Everything you hope for and more from a network access control system
November 07, 2019

Clearpass: Everything you hope for and more from a network access control system

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Aruba ClearPass

ClearPass is being used company-wide. Every person's device is authenticated through ClearPass and depending on what department they are they are put into a VLAN that gives them access to the systems they need. I love that ClearPass can grant or deny access to certain systems based on the user because it saves time not having to build that manually. We also use ClearPass to create guest accounts for visitors that come to our campus. These guest accounts grant access to the internet but not to our internal systems. ClearPass solves the problem of having multiple departments with different needs and being able to grant them access to what they need while keeping the network secure. ClearPass allows us to use 802.1x so we can put a base config on our network devices and not have to configure each port specific to each person or device.
  • You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
  • Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
  • It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
  • Getting data out of ClearPass is difficult. You can get some with SNMP but he API is lacking. There is only a limited amount of info that you can get from it. Even some data that shows up in ClearPass Insight is not available to import into a 3rd party application.
  • In the past, if you have hardware/software issues you could troubleshoot them yourself through the CLI in a Linux type interface but now they have locked everything down and it makes troubleshooting difficult. You have to rely on them for everything. As a person who likes to understand the ins and outs of the systems I manage it is somewhat frustrating.
  • Steep learning curve, although support can assist and their forums like airheads can be helpful. This is a complex system and can take a while to grasp how everything works and integrates.
  • ClearPass has streamlined everything so we don't have to have as many people managing our device auth systems.
  • Our Security team loves that ClearPass can deny unauthorized users and devices from the network. This alone has probably saved us a lot of money and headaches.
  • Cisco Identity Services Engine (ISE)
ClearPass by far is a more versatile system it seems that it has more features and can configure how you want it. Cisco ISE is extremely complicated to deploy where I felt that ClearPass was more straight forward and user-friendly. Clearpass does what Cisco ISE can do and more. ClearPass hands down has a better ability to create policies to create your own process for each type of device or for a specific function.
Aruba tier 1 support is not that great if your issue is more complex. For simple issues, the first contact is usually fine but if I know the issue is more complex I ask them from the start to escalate the issue which they are always happy to do. From there, their support have been great and I have had confidence that they know what they are talking about and there is a quick resolve. Airhead forum support is pretty good since it's community-based and I can find many answers to question there.

Do you think Aruba ClearPass delivers good value for the price?

Yes

Are you happy with Aruba ClearPass's feature set?

Yes

Did Aruba ClearPass live up to sales and marketing promises?

Yes

Did implementation of Aruba ClearPass go as expected?

Yes

Would you buy Aruba ClearPass again?

Yes

We have quite a few visitors to our campus and we don't want to have a set PSK for the wireless so we have configured a guest network where visitors can create an account and gain access to the internet and we don't have to "manage" it since the accounts will expire after a certain time. We have RF scanners in our warehouses and we want them to be allowed on the network and be put into its own VLAN. ClearPass can do this flawlessly by keying off of the MAC address when it comes online and putting it into the correct VLAN. This makes it so we don't have to add each device individually to the system. The only time ClearPass would not be appropriate is in a small deployment where the cost to value wouldn't make sense.